September 26, 2004
Added BT Audit my Bluetooth port scanner suite to our list of tools.
September 23, 2004
September 19, 2004
Project page on Blooover
Blooover is the MIDP application I wrote about in the "Further Work" section of the BlueBug CeBit field-trial report. This has also been the reason why I bought myself a Nokia 6600 phone that runs J2ME MIDP 2.0 with an implementation of the JSR-82 Bluetooth API. The Nokia is not vulnerable to any known bluetooth attack (by now) but crashes every now and then (also without having to touch it :). Recently, I downloaded a copy of the J2ME Wireless Toolkit Version 2.2 that is capable of providing access to emulated bluetooth devices. This makes debugging a little easier. But what really is annoying, is that the WTK 2.2 only runs on Windoze by now. Hopefully, there will be a version available for Linux operating systems as well. Cannot be soon enough :)
Project page on Blueprinting
Collin and I began working together on a project called Blueprinting. The idea behind Blueprinting is to determine manufacturer and model of active bluetooth-enabled devices remotely.
There is a prototype script already, but there is still some work needed. Actually, there is some ambiguity for certain models. Obviously, different Series60 phones from Nokia use the same firmware. At least our hashing produces the same fingerprint... (one case we get the same fingerprint is a certain version of the Nokia 3650 and a version of the Nokia N-Gage)
Project page on Bluetooone
Today, I got all the things together and put up a page with instructions on how to modify a Linksys Bluetooth USB adaptor in order to connect a directional antenna. The guys from pentest did that last year already for an MSI dongle... but this seems to be a little more complicated than modifying a Linksys dongle (which already has an external antenna).
A modified Linksys dongle is not so new. Actually, we used a modified Linksys dongle as we did the Long-Distane-Snarf in Santa Monica. I think the one we used there has been put together by Mike Outmesguine. But I am not sure on this. It could also have been done by the flexilis guys.
September 17, 2004
Story on Long Distance Snarf aired on g4TechTV
Yesterday, the story about the long distance bluetooth expetriment that has been filmed at the Santa Monica Peer last month was broadcasted in the "The Screen Savers" show, yesterday.
September 07, 2004
Nokia announced firmware fix... finally
After all the details about the bluetooth issues with Nokia cell phones were communicated and presented during the last year, Nokia finally announced a firmware security patch that solved the issues that could be exploited the BlueSnarf and the BlueBug attack.
You can find the details about the firmware upgrade here. As owner of one of the vulnerable handsets that frequently uses bluetooth, you definitely should flash the new software on your phone as soon as possible. You can do that either by
After all, Nokia reacted to the
September 04, 2004
OpenGroupware.org @ trifinite
Today, I installed OpenGroupware on the trifinite.server. This was rather hard, since it is rather bloaty and complex. It took me quite a while to figure out how this is supposed to work.